CAPTCHA smuggling

Authors: Manuel Egele, Leyla Bilge, Engin Kirda, Christopher Kruegel

DOI: 10.1145/1774088.1774483

Keywords: Optical character recognition; CAPTCHA; Web application; Computer science; Computer security; Internet privacy; Point (typography); Web navigation

Abstract: CAPTCHAs protect online resources and services from automated access. From an attacker's point of view, they are typically perceived as an annoyance that prevents the mass creation of accounts or posting of messages. Hence, miscreants strive to effectively bypass these protection mechanisms, using techniques such as optical character recognition or machine learning. However, as CAPTCHA systems evolve, they become more resilient against analysis approaches. In this paper, we introduce and evaluate an attack that we denote CAPTCHA smuggling. To perform CAPTCHA smuggling, the attacker slips CAPTCHA challenges into the web browsing sessions of unsuspecting victims, misusing their ability to solve these challenges. A key point of our attack is that the CAPTCHAs are surreptitiously injected into interactions with benign web applications (such as web mail or social networking sites). As a result, they are perceived as a normal part of the application and raise no suspicion. Our evaluation, based on realistic user experiments, shows that CAPTCHA smuggling attacks are feasible in practice.
